Bug 48951 - openjpeg2: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.3
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 4.3-3-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Reported: 2019-03-11 12:34 CET by Quality Assurance
Modified: 2019-03-13 14:22 CET
What kind of report is it?: Security Issue
Max CVSS v3 score: 5.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) Debian RedHat


Description Quality Assurance univentionstaff 2019-03-11 12:34:10 CET
New Debian openjpeg2 2.1.2-1.1+deb9u3 fixes:
This update addresses the following issues:
* Stack-buffer overflow in the pgxtovolume function (CVE-2017-17480)
* Integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)
* In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-6616)
* Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). (CVE-2018-14423)
* OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c (CVE-2018-18088)
Comment 1 Quality Assurance univentionstaff 2019-03-11 13:01:07 CET
--- mirror/ftp/4.3/unmaintained/4.3-0/source/openjpeg2_2.1.2-1.1+deb9u2.dsc
+++ apt/ucs_4.3-0-errata4.3-3/source/openjpeg2_2.1.2-1.1+deb9u3.dsc
@@ -1,3 +1,16 @@
+2.1.2-1.1+deb9u3 [Thu, 07 Mar 2019 16:41:30 -0500] Luciano Bello <luciano@debian.org>:
+
+  * Non-maintainer upload by the Security Team.
+  * CVE-2018-14423: Division-by-zero vulnerabilities in the functions
+    pi_next_pcrl, pi_next_cprl, and pi_next_rpcl (closes: #904873).
+  * CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks
+    (closes: #889683).
+  * CVE-2017-17480: Write stack buffer overflow due to missing buffer
+    length formatter in fscanf call (closes: #884738).
+  * CVE-2018-18088: Null pointer dereference caused by null image
+    components in imagetopnm (closes: #910763).
+  * CVE-2018-5785: Integer overflow in convertbmp.c (closes: #888533).
+
 2.1.2-1.1+deb9u2 [Mon, 16 Oct 2017 21:15:20 +0200] Mathieu Malaterre <malat@debian.org>:
 
   * Fix whitespace/indent mess
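Review bot: The CVE-2018-5785 entry, the last added line of the new 2.1.2-1.1+deb9u3 block, places the integer overflow in convertbmp.c, while this bug's description attributes the same CVE to opj_j2k_setup_encoder in openjp2/j2k.c. The errata text should name one location consistently, or state both (the file named in the changelog and the function named in the description), so that anyone checking this errata against the Debian changelog does not read them as two different fixes. The other four entries match the description's function names (pi_next_pcrl/pi_next_cprl/pi_next_rpcl, opj_t1_encode_cblks, imagetopnm) or, for CVE-2017-17480, add the cause (the fscanf call) without contradicting it.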

<http://10.200.17.11/4.3-3/#6512527586340119909>
Comment 2 Philipp Hahn univentionstaff 2019-03-11 16:25:02 CET
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 1ccb099747 Bug #48951: openjpeg2 2.1.2-1.1+deb9u3
 doc/errata/staging/openjpeg2.yaml | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

[4.3-3] 4e3b5d3402 Bug #48951: openjpeg2 2.1.2-1.1+deb9u3
 doc/errata/staging/openjpeg2.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
Comment 3 Arvid Requate univentionstaff 2019-03-13 14:22:16 CET
<http://errata.software-univention.de/ucs/4.3/453.html>